You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@geronimo.apache.org by "Jacek Laskowski (JIRA)" <de...@geronimo.apache.org> on 2006/09/26 17:28:52 UTC
[jira] Created: (GERONIMO-2435) Shutdown doesn't require valid
credentials
Shutdown doesn't require valid credentials
------------------------------------------
Key: GERONIMO-2435
URL: http://issues.apache.org/jira/browse/GERONIMO-2435
Project: Geronimo
Issue Type: Bug
Security Level: public (Regular issues)
Components: security, startup/shutdown, Tomcat
Affects Versions: 1.2
Environment: jlaskowski@dev /cygdrive/c/oss/geronimo
$ svn info
Path: .
URL: https://svn.apache.org/repos/asf/geronimo/server/trunk
Repository Root: https://svn.apache.org/repos/asf
Repository UUID: 13f79535-47bb-0310-9956-ffa450edef68
Revision: 449803
Node Kind: directory
Schedule: normal
Last Changed Author: djencks
Last Changed Rev: 449797
Last Changed Date: 2006-09-25 22:05:13 +0200 (Mon, 25 Sep 2006)
Properties Last Updated: 2006-09-13 16:27:07 +0200 (Wed, 13 Sep 2006)
Reporter: Jacek Laskowski
1/ Run geronimo-tomcat-j2ee with ./bin/startup.sh
2/ Run ./bin/shutdown.sh. When asked about Username and password enter whatever comes to your mind, say x/x
3/ Notice that although the credenatials are wrong, the server shutdown procedure begins (@see var/log/geronimo.out)
Server shutdown begun
...
Server shutdown completed
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Updated: (GERONIMO-2435) Shutdown doesn't require valid
credentials
Posted by "Paul McMahan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paul McMahan updated GERONIMO-2435:
-----------------------------------
Component/s: (was: Tomcat)
I was unable to recreate this problem using the tomcat-j2ee-1.2-beta assembly. When I supplied invalid credentials the shutdown failed as I expected, see below. From what I understand there is a way for geronimo to cache your credentials, perhaps that was in effect when you invoked the shutdown command?
frylock:~/geronimo-tomcat-j2ee-1.2-beta/bin pmcmahan$ ./shutdown.sh
Using GERONIMO_BASE: /Users/pmcmahan/geronimo-tomcat-j2ee-1.2-beta
Using GERONIMO_HOME: /Users/pmcmahan/geronimo-tomcat-j2ee-1.2-beta
Using GERONIMO_TMPDIR: /Users/pmcmahan/geronimo-tomcat-j2ee-1.2-beta/var/temp
Using JRE_HOME: /System/Library/Frameworks/JavaVM.framework/Versions/1.5.0/Home
Username: asdfasdfads
Password: ************
Locating server on port 1099... java.lang.SecurityException: Invalid login
at org.apache.geronimo.jmxremoting.Authenticator.authenticate(Authenticator.java:70)
at javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:221)
at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:188)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
at sun.rmi.transport.Transport$1.run(Transport.java:153)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
at java.lang.Thread.run(Thread.java:613)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:126)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2229)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:271)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248)
at org.apache.geronimo.deployment.cli.StopServer.getRunningKernel(StopServer.java:143)
at org.apache.geronimo.deployment.cli.StopServer.execute(StopServer.java:99)
at org.apache.geronimo.deployment.cli.StopServer.main(StopServer.java:52)
Also, this problem doesn't seem to be related to tomcat so I removed that from the responsible components..
> Shutdown doesn't require valid credentials
> ------------------------------------------
>
> Key: GERONIMO-2435
> URL: https://issues.apache.org/jira/browse/GERONIMO-2435
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security, startup/shutdown
> Affects Versions: 1.2
> Environment: jlaskowski@dev /cygdrive/c/oss/geronimo
> $ svn info
> Path: .
> URL: https://svn.apache.org/repos/asf/geronimo/server/trunk
> Repository Root: https://svn.apache.org/repos/asf
> Repository UUID: 13f79535-47bb-0310-9956-ffa450edef68
> Revision: 449803
> Node Kind: directory
> Schedule: normal
> Last Changed Author: djencks
> Last Changed Rev: 449797
> Last Changed Date: 2006-09-25 22:05:13 +0200 (Mon, 25 Sep 2006)
> Properties Last Updated: 2006-09-13 16:27:07 +0200 (Wed, 13 Sep 2006)
> Reporter: Jacek Laskowski
>
> 1/ Run geronimo-tomcat-j2ee with ./bin/startup.sh
> 2/ Run ./bin/shutdown.sh. When asked about Username and password enter whatever comes to your mind, say x/x
> 3/ Notice that although the credenatials are wrong, the server shutdown procedure begins (@see var/log/geronimo.out)
> Server shutdown begun
> ...
> Server shutdown completed
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Commented: (GERONIMO-2435) Shutdown doesn't require valid
credentials
Posted by "Vamsavardhana Reddy (JIRA)" <ji...@apache.org>.
[ http://issues.apache.org/jira/browse/GERONIMO-2435?page=comments#action_12451108 ]
Vamsavardhana Reddy commented on GERONIMO-2435:
-----------------------------------------------
I could not recreate the problem on Win XP. Can someone verify this JIRA?
On Win XP, G Tomcat 1.2-SNAPSHOT server:
Server shutdown was successful using shutdown.bat and correct credentials.
I got the following exception upon entering wrong credentials.
Locating server on port 1099... java.lang.SecurityException: Invalid login
at org.apache.geronimo.jmxremoting.Authenticator.authenticate(Authentica
tor.java:70)
at javax.management.remote.rmi.RMIServerImpl$1.run(RMIServerImpl.java:14
1)
at java.security.AccessController.doPrivileged(Native Method)
at javax.management.remote.rmi.RMIServerImpl.authenticate(RMIServerImpl.
java:137)
at javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.jav
a:91)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
at sun.rmi.transport.Transport$1.run(Transport.java:148)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:4
60)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport
.java:701)
at java.lang.Thread.run(Thread.java:534)
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Stream
RemoteCall.java:247)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:
223)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Sour
ce)
at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:12
3)
at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFacto
ry.java:38)
at org.apache.geronimo.deployment.cli.StopServer.getRunningKernel(StopSe
rver.java:143)
at org.apache.geronimo.deployment.cli.StopServer.execute(StopServer.java
:99)
at org.apache.geronimo.deployment.cli.StopServer.main(StopServer.java:52
)
> Shutdown doesn't require valid credentials
> ------------------------------------------
>
> Key: GERONIMO-2435
> URL: http://issues.apache.org/jira/browse/GERONIMO-2435
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security, Tomcat, startup/shutdown
> Affects Versions: 1.2
> Environment: jlaskowski@dev /cygdrive/c/oss/geronimo
> $ svn info
> Path: .
> URL: https://svn.apache.org/repos/asf/geronimo/server/trunk
> Repository Root: https://svn.apache.org/repos/asf
> Repository UUID: 13f79535-47bb-0310-9956-ffa450edef68
> Revision: 449803
> Node Kind: directory
> Schedule: normal
> Last Changed Author: djencks
> Last Changed Rev: 449797
> Last Changed Date: 2006-09-25 22:05:13 +0200 (Mon, 25 Sep 2006)
> Properties Last Updated: 2006-09-13 16:27:07 +0200 (Wed, 13 Sep 2006)
> Reporter: Jacek Laskowski
>
> 1/ Run geronimo-tomcat-j2ee with ./bin/startup.sh
> 2/ Run ./bin/shutdown.sh. When asked about Username and password enter whatever comes to your mind, say x/x
> 3/ Notice that although the credenatials are wrong, the server shutdown procedure begins (@see var/log/geronimo.out)
> Server shutdown begun
> ...
> Server shutdown completed
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (GERONIMO-2435) Shutdown doesn't require valid
credentials
Posted by "David Jencks (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2435?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Jencks closed GERONIMO-2435.
----------------------------------
Resolution: Cannot Reproduce
Assignee: David Jencks
we have 3 people who can't reproduce this.... time to close it.
> Shutdown doesn't require valid credentials
> ------------------------------------------
>
> Key: GERONIMO-2435
> URL: https://issues.apache.org/jira/browse/GERONIMO-2435
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security, startup/shutdown
> Affects Versions: 1.2
> Environment: jlaskowski@dev /cygdrive/c/oss/geronimo
> $ svn info
> Path: .
> URL: https://svn.apache.org/repos/asf/geronimo/server/trunk
> Repository Root: https://svn.apache.org/repos/asf
> Repository UUID: 13f79535-47bb-0310-9956-ffa450edef68
> Revision: 449803
> Node Kind: directory
> Schedule: normal
> Last Changed Author: djencks
> Last Changed Rev: 449797
> Last Changed Date: 2006-09-25 22:05:13 +0200 (Mon, 25 Sep 2006)
> Properties Last Updated: 2006-09-13 16:27:07 +0200 (Wed, 13 Sep 2006)
> Reporter: Jacek Laskowski
> Assignee: David Jencks
>
> 1/ Run geronimo-tomcat-j2ee with ./bin/startup.sh
> 2/ Run ./bin/shutdown.sh. When asked about Username and password enter whatever comes to your mind, say x/x
> 3/ Notice that although the credenatials are wrong, the server shutdown procedure begins (@see var/log/geronimo.out)
> Server shutdown begun
> ...
> Server shutdown completed
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
Re: [jira] Commented: (GERONIMO-2435) Shutdown doesn't require valid credentials
Posted by Jason Dillon <ja...@planet57.com>.
I've never tried actually...
Though we should have an integration tests for this in the testsuite/
* so we can be sure to catch stuff like this in the future (more so
once these bits are automated).
--jason
On Apr 5, 2007, at 5:39 PM, Jay D. McHugh (JIRA) wrote:
>
> [ https://issues.apache.org/jira/browse/GERONIMO-2435?
> page=com.atlassian.jira.plugin.system.issuetabpanels:comment-
> tabpanel#action_12487123 ]
>
> Jay D. McHugh commented on GERONIMO-2435:
> -----------------------------------------
>
> I am unable to duplicate this on the 'final' 1.2 release.
>
> Has anyone been able to duplicate this since originally reported?
>
>> Shutdown doesn't require valid credentials
>> ------------------------------------------
>>
>> Key: GERONIMO-2435
>> URL: https://issues.apache.org/jira/browse/
>> GERONIMO-2435
>> Project: Geronimo
>> Issue Type: Bug
>> Security Level: public(Regular issues)
>> Components: security, startup/shutdown
>> Affects Versions: 1.2
>> Environment: jlaskowski@dev /cygdrive/c/oss/geronimo
>> $ svn info
>> Path: .
>> URL: https://svn.apache.org/repos/asf/geronimo/server/trunk
>> Repository Root: https://svn.apache.org/repos/asf
>> Repository UUID: 13f79535-47bb-0310-9956-ffa450edef68
>> Revision: 449803
>> Node Kind: directory
>> Schedule: normal
>> Last Changed Author: djencks
>> Last Changed Rev: 449797
>> Last Changed Date: 2006-09-25 22:05:13 +0200 (Mon, 25 Sep 2006)
>> Properties Last Updated: 2006-09-13 16:27:07 +0200 (Wed, 13 Sep 2006)
>> Reporter: Jacek Laskowski
>>
>> 1/ Run geronimo-tomcat-j2ee with ./bin/startup.sh
>> 2/ Run ./bin/shutdown.sh. When asked about Username and password
>> enter whatever comes to your mind, say x/x
>> 3/ Notice that although the credenatials are wrong, the server
>> shutdown procedure begins (@see var/log/geronimo.out)
>> Server shutdown begun
>> ...
>> Server shutdown completed
>
> --
> This message is automatically generated by JIRA.
> -
> You can reply to this email to add a comment to the issue online.
>
[jira] Commented: (GERONIMO-2435) Shutdown doesn't require valid
credentials
Posted by "Jay D. McHugh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/GERONIMO-2435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12487123 ]
Jay D. McHugh commented on GERONIMO-2435:
-----------------------------------------
I am unable to duplicate this on the 'final' 1.2 release.
Has anyone been able to duplicate this since originally reported?
> Shutdown doesn't require valid credentials
> ------------------------------------------
>
> Key: GERONIMO-2435
> URL: https://issues.apache.org/jira/browse/GERONIMO-2435
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security, startup/shutdown
> Affects Versions: 1.2
> Environment: jlaskowski@dev /cygdrive/c/oss/geronimo
> $ svn info
> Path: .
> URL: https://svn.apache.org/repos/asf/geronimo/server/trunk
> Repository Root: https://svn.apache.org/repos/asf
> Repository UUID: 13f79535-47bb-0310-9956-ffa450edef68
> Revision: 449803
> Node Kind: directory
> Schedule: normal
> Last Changed Author: djencks
> Last Changed Rev: 449797
> Last Changed Date: 2006-09-25 22:05:13 +0200 (Mon, 25 Sep 2006)
> Properties Last Updated: 2006-09-13 16:27:07 +0200 (Wed, 13 Sep 2006)
> Reporter: Jacek Laskowski
>
> 1/ Run geronimo-tomcat-j2ee with ./bin/startup.sh
> 2/ Run ./bin/shutdown.sh. When asked about Username and password enter whatever comes to your mind, say x/x
> 3/ Notice that although the credenatials are wrong, the server shutdown procedure begins (@see var/log/geronimo.out)
> Server shutdown begun
> ...
> Server shutdown completed
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.